Month: February 2025

News

UK users are losing a key Apple security feature, raising questions about the future of privacy – UK users no longer have access to optional end-to-end encryption through Advanced Data Protection. This change leaves 14 kinds of users’ personal data (i.e. photos, messages) unencrypted. This may have been the result of Apple’s unwillingness to comply with a governmental request for a backdoor. 

DOGE Betrays Foundational Commitments of the Privacy Act of 1974 – The Privacy Act of 1974 seems to be the last line of defense between US citizen data and DOGE data collection. Danielle Citron discusses the limitations of the Act and how it might be used to protect data today. 

Physicists Question Microsoft’s Quantum Claim – Microsoft claimed to have invented a fourth type of matter by creating a “Majorana particle” which they claim is a major breakthrough in quantum computing. Some scientists say that the paper Microsoft published touting this invention does not provide conclusive evidence.

No room for privacy: How Airbnb fails to protect guests from hidden cameras – Airbnb’s internal policies fail to protect guests from hidden cameras by refusing to report complaints to the police and approaching potential privacy violators internally. While Airbnb has taken measures to ban cameras in Airbnb listings, it’s unclear how the company will enforce this ban. Airbnb also pushes most users to turn to arbitration in an effort to resolve these disputes. 

States win preliminary injunction against DOGE access to Treasury payment systems – 19 states brought suit to block DOGE access to Treasury data. A New York federal judge has recently issued an injunction to block DOGE access and will review that injunction based on information on the training, vetting and security clearance of DOGE employees. 

Federal Court Orders Department of Education and Office of Personnel Management to Stop Sharing Private Data with DOGE Affiliates – The US District Court for the District of Maryland issued a temporary restraining order prohibiting the Department of Education and Office of Personnel Management from disclosing sensitive information to DOGE. The Court found that the Privacy Act of 1974 would likely protect plaintiff’s privacy rights. The Court also found that injunctive relief was the only practical remedy; money damages post privacy invasion would prove meaningless. 

Job Opportunities

https://hls.harvard.edu/academics/fellowships-and-prizes/fellowships/postdoctoral-fellowship-in-private-law/

(Compiled by Student Fellow Alice Militaru)

Events

Join The Engelberg Center on Innovation Law & Policy, Library Futures, Theater of the Apes, and the Information Law Institute for a Public Domain Day presentation of Necromancers of the Public Domain. Wednesday, February 12 at 6:30 – 9:30pm EST

Join law school faculty, staff, and students in discussing AI & law news at LunchGPT Live, held online. Friday, February 14 at 4:00-5:00pm EST

News

Elon Musk’s Department of Government Efficiency (DOGE) is currently taking action against the Consumer Financial Protection Bureau (CFPB) at around the same time that X, formerly Twitter, announced that it had struck a deal with Visa to offer a mobile payments service, which would have been overseen by the CFPB. Under acting director Russ Vought, most of the CFPB’s work has been ordered to be stopped, and Vought has made statements that he will not seek any more funding for the bureau.

The American Federation of Teachers is leading a coalition of labor unions in filing a federal suit against the Trump administration and DOGE, alleging that the latter’s access to systems with personal data violates privacy laws. The suit warns that DOGE has access to an Education Department system with information on over 40 million Americans that includes Social Security numbers, driver’s license numbers, and home addresses.

Vice President JD Vance has indicated a departure from the Biden administration’s stance on AI at the 3rd AI Action Summit in Paris. After making a speech in which he expressed that European regulations of technology would be a burden for US companies, the US and the UK refused to sign on to the summit’s declaration for inclusive and sustainable AI practices.

Following Italy’s blocking of DeepSeek over lack of information on its use of personal data, the European Data Protection Board broadened the scope of its AI taskforce, which had previously only focused on ChatGPT. Enforcers in France, the Netherlands, Belgium, Luxembourg, and other countries are also questioning DeepSeek on its data collection practices.

(Compiled by Student Fellow Jerome David)

Events

Join The Engelberg Center on Innovation Law & Policy, Library Futures, Theater of the Apes, and the Information Law Institute for a Public Domain Day presentation of Necromancers of the Public Domain. Wednesday, February 12 · 6:30 – 9:30pm EST

News

Social media trade association NetChoice filed a lawsuit to block a Maryland state law that imposes privacy protections on children using social media and other online platforms.

The European Court of Justice found against the Irish Data Protection Commissioner, in a case about whether the European Data Protection Board can direct national data supervisors to follow a certain course of action.

Italy became the first country to outright ban DeepSeek’s AI model and chatbot, after an investigation into their data collection practices.

Lawmakers in Washington introduced a bill to protect citizen’s personal data from misuse.

FBI agents participated in investigations related to President Donald Trump have sued over Justice Department efforts to develop a list of employees involved in those inquiries that they fear could be a precursor to mass firings. They have raised the complaint that the creation of the list would violate their rights under the 1974 Privacy Act.

(Compiled by Student Fellow Anthony Perrins)

Events

Join The Engelberg Center on Innovation Law & Policy, Library Futures, Theater of the Apes, and the Information Law Institute  Public Domain Day presentation of Necromancers of the Public Domain. Wednesday, February 12 · 6:30 – 9:30pm EST

This week, we highlight Data Privacy Day, an annual awareness event observed on January 28th. Established in 2007 by the Council of Europe, it serves as a vital reminder of the importance of safeguarding personal information in our increasingly digital world. The day aims to raise awareness and promote best practices in data protection across various sectors, encouraging individuals, businesses, and governments to reflect on the progress made in data privacy and to commit to strengthening measures that ensure the security of personal data.

News

On January 23, 2025, President Trump signed an executive order titled “Removing Barriers to American Leadership in Artificial Intelligence.” This directive revokes certain existing AI policies and directives that it describes as “barriers to American AI innovation”, in order to “clear a path for the United States to act decisively to retain global leadership in artificial intelligence”. The order mandates the development of an action plan within 180 days to achieve this policy, involving key advisors and department heads.

President Trump dismissed the three Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB), an independent agency responsible for ensuring that government counterterrorism measures respect privacy and civil liberties. This action leaves the board with only one active member.

Daniel’s Law, enacted in New Jersey after the tragic 2020 attack on U.S. District Judge’s family resulting in her son’s murder, aims to protect judges, prosecutors, and law enforcement officers by allowing them to request the removal of personal information like home addresses from public databases. Since its enactment, the law has sparked a wave of lawsuits led by Atlas Data Privacy Corporation, which has filed more than 140 lawsuits against data brokers on behalf of approximately 19,000 “covered persons” under the law. These companies challenged the law’s constitutionality, but in the end of November 2024, a federal judge upheld Daniel’s Law, rejecting the defendants’ constitutional challenges.

Last week, the U.S. Copyright Office published the latest part of its report on legal and policy issues related to AI, following its August 2023 Notice of Inquiry. This installment focuses on the copyrightability of works created using generative AI. The first part, released in 2024, addressed digital replicas, while future sections will cover AI model training on copyrighted works, licensing, and liability issues.

The Chinese AI app DeepSeek, with over 2 million downloads since January 2025, has raised significant privacy concerns due to its storage of user data on Chinese servers, making it subject to Chinese cybersecurity laws. The app has also been accused of censoring sensitive topics, sparking fears of propaganda and misinformation. Italy’s data protection authority, Garante, has launched an inquiry into DeepSeek, requesting detailed information on its data collection practices, data storage locations, and the legal basis for processing personal data. The regulator has given DeepSeek 20 days to respond to these inquiries. Additionally, Texas has become the first U.S. state to ban DeepSeek on government-issued devices, citing concerns that Americans’ data could be accessed by foreign entities.

On January 17, 2025, the European Data Protection Board (EDPB) adopted new guidelines on pseudonymisation during its plenary meeting. These guidelines clarify the definition and applicability of pseudonymisation under the General Data Protection Regulation (GDPR), emphasizing that pseudonymised data – data that can be attributed to an individual using additional information – remains personal data and is subject to GDPR provisions. The EDPB highlights that pseudonymisation can mitigate risks and facilitate the use of legitimate interests as a legal basis for data processing, provided all GDPR requirements are met. The guidelines are open for public consultation until February 28, 2025, allowing stakeholders to provide feedback.

Romania – Romanian prosecutors are investigating allegations of election fraud linked to social media campaigns. The investigation centers on accusations of online manipulation, including a TikTok campaign reportedly funded by pro-Russian interests, aimed at rebranding Georgescu as a pro-Western candidate.

India – On January 23, 2025, the National Company Law Appellate Tribunal (NCLAT) suspended the Competition Commission of India’s (CCI) order that restricted WhatsApp from sharing user data with Meta companies for advertising purposes over the next five years.

Israel – Moshe Nussbaum, an reporter who was diagnosed with ALS, a disease that impaired his ability to speak, appeared on television using an AI avatar based on his own voice and mimicked gestures. The AI technology was trained on recordings from his extensive career in journalism, allowing it to recreate his distinctive vocal tone and synchronize his lip movements with the generated speech. This innovative approach enabled Nussbaum to continue delivering news reports and commentary, despite the physical limitations caused by his condition.

(Compiled by Student Fellow Nofar Kadosh)